Trolling Twitter followers with .htaccess & PHP

Thought this was pretty entertaining! David Sandberg trolls his Twitter followers by using .htaccess to spoof an image file to return a PHP script that programmatically returns an image based on the visitor IP address.

David F. Sandberg

@ponysmasher

Troll tutorial twitter.com/ponysmasher/st…

21:21 PM - 22 Sep 2020

David F. Sandberg @ponysmasher

I should probably know this, but can anyone tell me what movie(?) this is from: https://t.co/Fpc6GmSmzg

163 1275

Here's the code from the Tweet for anybody wanting to try anything similar:

.htaccess

RewriteEngine on
Redirect /whatisthis.jpg /whatisthis.php

whatisthis.php

<?php
function getIMG() {
    // Get last digit of IP address
    $numb = substr($_SERVER['REMOTE_ADDR'], -1);

    // Return a different image based on IP
    if($numb == 1 || $numb == 2) {
        header("Location: 1.jpg");
    } elseif($numb == 3 || $numb == 4) {
        header("Location: 2.jpg");
    } elseif($numb == 5 || $numb == 6) {
        header("Location: 3.jpg");
    } elseif($numb == 7 || $numb == 8) {
        header("Location: 4.jpg");
    } elseif($numb == 9 || $numb == 0) {
        header("Location: 5.jpg");
    }
}

getIMG();
?>

Comments

[Wesley de Groot]

For a better joke, don’t rederict them.

Use something like

header(“content-type: image/jpeg”);
if(...) {
echo file_get_contents(“imagename.jpg”);
}

Then the output is different per IP range, but they will not know/see it.

P.s. typed on mobile so indentation and example are not perfect.